funsec mailing list archives
Re: mac trojan in-the-wild
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 31 Oct 2007 20:18:31 -0400
On 10/31/07, David Harley <david.a.harley () gmail com> wrote:
No worries :-) I had evaluated av solutions for a university and found out that McAfee Virex did not detect windows viruses.:) That's right, or was when I last administered AV for Macs.
<survey of mine was in 2005>
Strangely enough, the Dr Solomon's Mac product that McAfee acquired but ran down did, IIRC, detect BSVs, but that function was never migrated to Virex.
Well its a hard sell: scanning a mac for the hundreds of known malware vs. scanning a mac for 100's of knowns that can affect the OS, plus the 66k that can't. http://tinyurl.com/228poc <Dude, Channeling Mr Ovbvoius> Also the cost to buy the talent required to find malware on mac vs windows costs the same, but returns less. </end Dude, Channeling Mr Obvious>
Of course, I'm old and feeble, and may have misremembered some of this stuff. ;-)
As long as the viri dont get my Tapioca, its all good... :-) gindduP sekiL --> http://tinyurl.com/6p3l4 <-- Likes Pudding
I thought this was just standard operating procedure for AV, as scanning every OS for every virus might be too CPU intensive for an app.Most Windows AV doesn't check for Mac stuff, though most detect some *n*x stuff. But some of the vendors with a Mac product do, or did. Sophos and Symantec used to, and probably still do, but it's a while since I needed to check these things.
I was disappointed as lots of users with mac's would scan on a mac and then think a file was safe to share. Still the bigger disappointment was that the GDI vulns might have been detected if they had done what the VX'ers had and ported some exploits (detection) from unix to windows... If I could just help convince one RBN engineer to code and backport more malware to be cross platform in order to help out with AV-ROI like this nice fellow: http://tinyurl.com/3x6mqg, we might live in a better world. -JP<after grabbing his coat and leaving, has to return for his galoshes > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- mac trojan in-the-wild Gadi Evron (Oct 31)
- Re: mac trojan in-the-wild Dude VanWinkle (Oct 31)
- RE: mac trojan in-the-wild Alex Eckelberry (Oct 31)
- Re: mac trojan in-the-wild Dude VanWinkle (Oct 31)
- RE: mac trojan in-the-wild Gadi Evron (Oct 31)
- RE: mac trojan in-the-wild David Harley (Oct 31)
- Message not available
- Re: mac trojan in-the-wild Gadi Evron (Oct 31)
- RE: mac trojan in-the-wild Alex Eckelberry (Oct 31)
- Re: mac trojan in-the-wild Dude VanWinkle (Oct 31)
- RE: mac trojan in-the-wild David Harley (Oct 31)
- Re: mac trojan in-the-wild Dude VanWinkle (Oct 31)
- RE: mac trojan in-the-wild David Harley (Oct 31)
- Re: mac trojan in-the-wild Dude VanWinkle (Oct 31)
- RE: mac trojan in-the-wild Alex Eckelberry (Oct 31)
- RE: mac trojan in-the-wild Gadi Evron (Oct 31)
- RE: mac trojan in-the-wild Larry Seltzer (Oct 31)
- Re: mac trojan in-the-wild Brian Loe (Oct 31)
- RE: mac trojan in-the-wild Nick FitzGerald (Oct 31)
- Re: mac trojan in-the-wild der Mouse (Oct 31)
- Re: mac trojan in-the-wild Dude VanWinkle (Oct 31)
- Re: mac trojan in-the-wild Dr. Neal Krawetz (Nov 01)
- Re: mac trojan in-the-wild Drsolly (Nov 01)
- RE: mac trojan in-the-wild Alex Eckelberry (Nov 01)